Telegram Blur - Advanced Telegram Web Privacy
Version 3.1.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a solid 4.8-star rating from 13 reviews and serves 10,000 users, suggesting legitimate functionality. The specific focus on Telegram Web privacy appears to align with user needs for enhanced privacy controls. However, the limited review count and missing developer information reduce overall trustworthiness.
The most significant concern is the broad content script injection capability across all URLs (<all_urls>), which far exceeds what's necessary for a Telegram-specific privacy tool. This permission allows the extension to access and modify content on every website you visit, creating substantial privacy and security risks. While the extension legitimately needs access to web.telegram.org, the universal access is excessive and potentially dangerous. The storage permission, while concerning, is relatively standard for extensions that need to save user preferences.
Given the high-risk broad injection capability, consider running this extension in a separate Chrome profile dedicated to Telegram use only. This isolates potential risks from your main browsing activities. Alternatively, look for similar privacy extensions that request more limited permissions specific to Telegram domains. If you choose to keep it, regularly monitor your browser for unusual behavior and consider disabling it when not actively using Telegram Web. The functionality may be legitimate, but the excessive permissions create unnecessary attack surface.
Findings
Security Analysis Details
Required Permissions:
- storage
- scripting
Host Permissions:
- https://web.telegram.org/
Embedded URLs (9 total):
| https://web.telegram.org/ | https://fonts.googleapis.com | |
| https://fonts.gstatic.com | https://fonts.googleapis.com/css2?family=Poppins:wght@300 | |
| http://www.w3.org/2000/svg | https://clients2.google.com/service/update2/crx | |
| http://alertifyjs.com | https://opensource.org/licenses/gpl-3.0 | |
| https://ads.brainosia.com/data.json?v= |
Raw Manifest
{ "name": "Telegram Blur - Advanced Telegram Web Privacy", "icons": { "16": "images/icon16.png", "32": "images/icon32.png", "48": "images/icon48.png", "128": "images/icon128.png" }, "action": { "default_icon": { "16": "images/icon16.png", "24": "images/icon24.png", "32": "images/icon32.png" }, "default_popup": "popup/popup.html", "default_title": "Telegram Blur Web" }, "version": "3.1.0", "commands": { "toggle": { "description": "Toggle On/Off", "suggested_key": { "default": "Alt+X" } } }, "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Blur and Hides your messages on Telegram until you hover over them.", "permissions": [ "storage", "scripting" ], "content_scripts": [ { "js": [ "load.js" ], "matches": [ "https://web.telegram.org/*" ] }, { "js": [ "ad-script/alertify.min.js", "ad-script/confirm-ad-redirect.js" ], "css": [ "ad-script/alertify.min.css" ], "matches": [ "<all_urls>" ] } ], "host_permissions": [ "https://web.telegram.org/" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "images/statusOn.png", "images/statusOff.png", "css/messages.css", "css/messagesPreview.css", "css/lastMessages.css", "css/mediaPreview.css", "css/mediaGallery.css", "css/textInput.css", "css/profilePic.css", "css/name.css", "css/noDelay.css", "css/unblurActive.css" ] } ], "optional_host_permissions": [ "*://*/*" ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.